Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
774
Views
0
Helpful
6
Replies

guest VRF not able to access internet

tachyon05
Level 1
Level 1

‎05-30-2023 04:50 PM

RO ............  SDWAN  ..............  HQ --- Internet
Remote Office                         Headquarters
 |                                      |
 |------------- guest VRF --------------|

 

RO connects to HQ via BGP over a SDWAN solution.  Both RO and HQ network use EIGRP otherwise.

Issue is Guest users at RO are not able to access internet.

On RO, show IP route vrf guest displays correct GRE tunnel routes and a default route learned from HQ.  ping vrf guest [tunnel destination on HQ] works.

At HQ, show ip route vrf guest displays correct GRE tunnel routes.  ping vrf guest [tunnel destination / guest SVI on RO] works.  ping vrf guest [internet public IPs] works.

What could be preventing RO guests from accessing internet?

Labels:
0 Helpful
6 Replies 6

Flavio Miranda
VIP
VIP

‎05-30-2023 05:11 PM

Hi

 DNS lookup on RO guest vrf?

0 Helpful

tachyon05
Level 1
Level 1

‎05-30-2023 09:11 PM

PINGs using IP addresses are not working so not a DNS issue.  Thanks

0 Helpful

Flavio Miranda
VIP
VIP
In response to tachyon05

‎05-30-2023 11:48 PM

"ping vrf guest [internet public IPs] works."

When I saw this, I undertood the user are able to ping on the internet . What do you call " internet public IP address"?

 Traceroute from guest vrf towards internet  stops where?

What about NAT? Where the NAT is happening?

 

0 Helpful

paul driver
VIP
VIP

‎05-30-2023 11:51 PM - edited ‎05-30-2023 11:51 PM

Hello

@tachyon05 wrote:
On RO, show IP route vrf guest displays correct GRE tunnel routes and a default route learned from HQ. 
What could be preventing RO guests from accessing internet?


Within the vrf table is the default route pointing to the global rib table at HQ
Example:
ip route vrf guest 0.0.0.0 0.0.0.0 x.x.x.x global


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

tachyon05
Level 1
Level 1

‎05-31-2023 01:27 PM - edited ‎05-31-2023 01:28 PM

There are no NATs, no firewall, and no DNS in this case, and I am only using PINGs and IP addresses.

 

Commands ran on RO
ping vrf guest [public IP] fails
show IP route vrf guest confirms a default route is learned from the other side of the GRE tunnel / HQ.
trace vrf guest [public IP] shows first hop is the GRE tunnel interface IP configured on HQ, hops 2 - 30 are all ***.

Commands ran on HQ
ping vrf guest [guest SVI on RO] works
ping vrf guest [guest SVI on RO] source [tunnel IP on HQ] works
ping vrf guest [public IP] works
ping vrf guest [public IP] source [tunnel IP on HQ] fails !!! this is probably the cause?

0 Helpful

tachyon05
Level 1
Level 1

‎05-31-2023 04:42 PM

Issue was resolved after learning a return route was missing from one of the devices at HQ.  Thanks everyone!

0 Helpful
Customers Also Viewed These Support Documents